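My 6-Month Bug Bounty Review
In 2024 the author reported 9 vulnerabilities: 6 were fixed without any response, 2 were rewarded (a bounty and a hall-of-fame recognition), and 1 is still being processed. The author was disappointed that some vulnerabilities were not acknowledged. 2025-7-1 12:3:48 Author: infosecwriteups.com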

Now let’s come to the main point:

  1. All Triaged Bug Stats of 2024:

As I said in my last writeup, I have 9 bugs in the triaged state. Now let’s talk about what happened with each of them. 🤔

  1. I reported a bug through the bugbountys.com platform in Dec 2024, but I still haven’t gotten any response from their side. The bug has already been fixed and the vulnerable domain has already been removed, but I have not received a single response yet 😢.
triaged report in bugbountys.com platform

2. I reported a bug to Paytm through their bug bounty portal and waited a long time. I even chatted with them through X (Twitter). At first I didn’t get any response, but after I kept asking, they listened to me 🤗, and within 2–3 days they resolved the bug. But then I never got any response back from them and I was never recognized by them 😭. I even tweeted about it, but still no response from their side..!

tweet by author

3 & 4. I reported 2 bugs to a self-hosted program, but I have not received a single response from their side either.

Gmail proof by author

5 & 6. I reported 2 bugs to the BBC. At first they told me that 1 bug was not valid and they simply would not consider it. For the other one, they replied that the bug was valid and they were working on a fix. But after that there was again no response for a long time, and after I consistently asked for an update, they finally told me this:

Report-1 Proof
Asking for update in new mail
Triaged report was closed as NA
2 Reports submitted to BBC

In the end, disappointment 💔. Neither of my two reports was considered valid and both were closed. I raised an objection to it:

Try from my side to get proper reason

But again there was no proper response from them, and these two reports were also closed as Not valid 😭💔🤡.

7. I reported a bug through the Comolho platform in Dec 2024. Until now the bug was still in the triaged state, and recently the team started working on fixing it.

Recent mail from the team

8. I reported a bug to the WHO (World Health Organization), which was triaged and considered valid 🤗. Finally, after lots of rejections, I was awarded a HOF by the WHO.

Awarded HOF ❤

9. I reported a bug to Samsung on 13th Nov, 2024, which was considered valid, and I was awarded a sweet bounty 🤑. It was actually my very first bounty (in dollars) after 1 year of hard work. I already attached the screenshot of proof in the Bugcrowd section.

Author got his first bounty 🤗

So, the final states are:

9 bugs are in triaged state in 2024

6 bugs are fixed but then No response 😢

2 bugs are rewarded (1 bounty + 1 HOF) 🤑

1 bug is still in triaged 😶


Article source: https://infosecwriteups.com/my-6-month-bug-bounty-review-%EF%B8%8F-%EF%B8%8F-8469f3ca230f?source=rss----7b722bfd1b8d--bug_bounty